diff --git a/src/requests/admin.cr b/src/requests/admin.cr
index f40140c..bcddf56 100644
--- a/src/requests/admin.cr
+++ b/src/requests/admin.cr
@@ -11,14 +11,17 @@ class AuthD::Request
 end
 
 def handle(authd : AuthD::Service, fd : Int32)
- # No verification of the users' informations when an admin adds it.
- # No mail address verification.
- # TODO: ADMIN OPERATION, verify the logged user is an admin.
+ logged_user = authd.get_logged_user? fd
+
+ return Response::Error.new "you must be logged" if logged_user.nil?
+ return Response::Error.new "unauthorized (not admin)" unless logged_user.admin
 
 if authd.users_per_login.get? @login
 return Response::Error.new "login already used"
 end
 
+ # No verification of the user's informations when an admin adds it.
+ # No mail address verification.
 if authd.configuration.require_email && @email.nil?
 return Response::Error.new "email required"
 end
@@ -36,7 +39,7 @@ class AuthD::Request
 user.profile = profile
 end
 
- # We consider adding the user as a registration
+ # We consider adding the user as a registration.
 user.date_registration = Time.local
 authd.users << user
@@ -48,8 +51,6 @@ class AuthD::Request
 IPC::JSON.message ModUser, 5 do
- property shared_key : String
-
 property user : Int32 | String
 property admin : Bool = false
 property password : String? = nil
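Review bot: The guard added at the top of AddUser.handle (`logged_user = authd.get_logged_user? fd` followed by the two `return Response::Error.new ...` lines) is repeated verbatim in permissions.cr for CheckPermission and SetPermission, and a copy without the admin test appears in ModUser and both contact.cr handlers, so the admin checks can drift apart; a single helper on AuthD::Service that returns either the logged user or the error response would keep them identical. The rewritten comment keeps the wording `the user's informations`; `information` has no plural, so `# No verification of the user's information when an admin adds it.` reads better. The enclosing handle continues past the end of the hunk.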
@@ -57,23 +58,21 @@ class AuthD::Request
 property phone : String? = nil
 property avatar : String? = nil
 
- def initialize(@shared_key, @user)
+ def initialize(@user, @admin, @password, @email, @phone, @avatar)
 end
 
 def handle(authd : AuthD::Service, fd : Int32)
- if @shared_key != authd.configuration.shared_key
- return Response::Error.new "invalid authentication key"
- end
+ logged_user = authd.get_logged_user? fd
 
- uid_or_login = @user
- user = if uid_or_login.is_a? Int32
- authd.users_per_uid.get? uid_or_login.to_s
- else
- authd.users_per_login.get? uid_or_login
- end
+ return Response::Error.new "you must be logged" if logged_user.nil?
 
- unless user
- return Response::Error.new "user not found"
+ user = authd.user? @user
+
+ return Response::Error.new "user not found" if user.nil?
+
+ # Only an admin can create an admin.
+ if @admin
+ return Response::Error.new "unauthorized (not admin)" unless logged_user.admin
 end
 
 @password.try do |s|
diff --git a/src/requests/contact.cr b/src/requests/contact.cr
index 8b40de9..d659136 100644
--- a/src/requests/contact.cr
+++ b/src/requests/contact.cr
@@ -1,17 +1,18 @@
 class AuthD::Request
 IPC::JSON.message EditContacts, 16 do
- property token : String
-
 property email : String? = nil
 property phone : String? = nil
 
- def initialize(@token)
+ def initialize(@email, @phone)
 end
 
 def handle(authd : AuthD::Service, fd : Int32)
- user = authd.get_user_from_token @token
+ logged_user = authd.get_logged_user? fd
+ return Response::Error.new "you must be logged" if logged_user.nil?
 
- return Response::Error.new "invalid user" unless user
+ # Get the full AuthD::User instance, not just the public view.
+ user = authd.user? logged_user.uid
+ return Response::Error.new "unknown user" if user.nil?
 
 if email = @email
 # FIXME: This *should* require checking the new mail, with
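Review bot: The new authorization in ModUser.handle only gates the `@admin` flag: once `user = authd.user? @user` has resolved the target, any logged-in user can change the password, email, phone or avatar of any other account, which the removed shared-key check used to prevent. Unless the caller is an admin the target should be the caller itself, e.g. `return Response::Error.new "unauthorized" unless logged_user.admin || logged_user.uid == user.uid` placed right after the `user not found` check. The `# Only an admin can create an admin.` guard is also skipped when `@admin` is false, so if the rest of handle assigns `user.admin = @admin` unconditionally a non-admin request could demote an existing admin; that part is outside the hunk (handle continues at `@password.try`) and is worth confirming.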
@@ -19,6 +20,10 @@ class AuthD::Request
 user.contact.email = email
 end
 
+ if phone = @phone
+ user.contact.phone = phone
+ end
+
 authd.users_per_uid.update user
 
 Response::UserEdited.new user.uid
@@ -27,18 +32,18 @@ class AuthD::Request
 AuthD.requests << EditContacts
 
 IPC::JSON.message GetContacts, 18 do
- property token : String
-
- def initialize(@token)
+ def initialize()
 end
 
 def handle(authd : AuthD::Service, fd : Int32)
- user = authd.get_user_from_token @token
+ logged_user = authd.get_logged_user? fd
+ return Response::Error.new "you must be logged" if logged_user.nil?
 
- return Response::Error.new "invalid user" unless user
+ # Get the full AuthD::User instance, not just the public view.
+ user = authd.user? logged_user.uid
+ return Response::Error.new "unknown user" if user.nil?
 
 _c = user.contact
-
 Response::Contacts.new user.uid, _c.email, _c.phone
 end
 end
diff --git a/src/requests/login.cr b/src/requests/login.cr
index 705a1a6..b0e6073 100644
--- a/src/requests/login.cr
+++ b/src/requests/login.cr
@@ -24,9 +24,12 @@ class AuthD::Request
 user.date_last_connection = Time.local
 token = user.to_token
- # change the date of the last connection
+ # Change the date of the last connection.
 authd.users_per_uid.update user.uid.to_s, user
 
+ # On successuful connection: store the authenticated user in a hash.
+ authd.logged_users[fd] = user.to_public
+
 Response::Login.new (token.to_s authd.configuration.shared_key), user.uid
 end
 end
diff --git a/src/requests/permissions.cr b/src/requests/permissions.cr
index c2818d0..490a0f7 100644
--- a/src/requests/permissions.cr
+++ b/src/requests/permissions.cr
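Review bot: The new `authd.logged_users[fd] = user.to_public` in Login.handle keys the session on the socket descriptor, and nothing in this diff removes the entry when the client disconnects; if that cleanup does not exist elsewhere, a later connection that is assigned the same fd number inherits the previous user's session and, through the `logged_user.admin` checks in admin.cr and permissions.cr, its admin rights. The stored value is also a snapshot taken at login, so a later change of the `admin` flag (ModUser) or a deleted account is not seen by those checks until the client logs in again; re-reading the user on each request, as contact.cr already does with `authd.user? logged_user.uid`, would avoid that. The added comment has a typo: `# On successful connection: store the authenticated user in a hash.`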
@@ -8,15 +8,10 @@ class AuthD::Request
 end
 
 def handle(authd : AuthD::Service, fd : Int32)
- # Get currently logged user.
 logged_user = authd.get_logged_user? fd
 
- if logged_user.nil?
- return Response::Error.new "you must be logged"
- end
- unless logged_user.admin
- return Response::Error.new "unauthorized (not admin)"
- end
+ return Response::Error.new "you must be logged" if logged_user.nil?
+ return Response::Error.new "unauthorized (not admin)" unless logged_user.admin
 
 user = case u = @user
 when .is_a? Int32
@@ -48,26 +43,23 @@ class AuthD::Request
 AuthD.requests << CheckPermission
 
 IPC::JSON.message SetPermission, 10 do
- property shared_key : String
-
 property user : Int32 | String
 property service : String
 property resource : String
 property permission : ::AuthD::User::PermissionLevel
 
- def initialize(@shared_key, @user, @service, @resource, @permission)
+ def initialize(@user, @service, @resource, @permission)
 end
 
 def handle(authd : AuthD::Service, fd : Int32)
- unless @shared_key == authd.configuration.shared_key
- return Response::Error.new "unauthorized"
- end
+ logged_user = authd.get_logged_user? fd
+
+ return Response::Error.new "you must be logged" if logged_user.nil?
+ return Response::Error.new "unauthorized (not admin)" unless logged_user.admin
 
 user = authd.users_per_uid.get? @user.to_s
- if user.nil?
- return Response::Error.new "no such user"
- end
+ return Response::Error.new "no such user" if user.nil?
 
 service = @service
 service_permissions = user.permissions[service]?